ci2 starts bisection 2023-06-27 08:18:03.624118891 +0000 UTC m=+63102.714466748
bisecting fixing commit since a343b0dd87b42ba9d508fbf7d0c06f744c2e0954
building syzkaller on cf1845599c0bdab59c69518eaa0ecb960ec7ddf0
ensuring issue is reproducible on original commit a343b0dd87b42ba9d508fbf7d0c06f744c2e0954
testing commit a343b0dd87b42ba9d508fbf7d0c06f744c2e0954 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b1aaf82fc08262963845f42d8056bd7178aed3138c3a90821bc0f27e1ac7ac9b
all runs: crashed: BUG: Bad page state
testing current HEAD e84a4e368abe42cf359fe237f0238820859d5044
testing commit e84a4e368abe42cf359fe237f0238820859d5044 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ae79e6718568010af1c251942955b58a01a6c273855970a3fecaee5b20525d95
all runs: crashed: BUG: Bad page state
crash still not fixed/happens on the oldest tested release
revisions tested: 2, total time: 1h7m1.114689378s (build: 59m14.805269218s, test: 6m37.896553098s)
crash still not fixed on HEAD or HEAD had kernel test errors
commit msg: Linux 6.1.35
crash: BUG: Bad page state

BUG: Bad page state in process jfsCommit pfn:109b69
page:0000000069cd6016 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x109b69
flags: 0x5ffc00000002047(locked|referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000002047 dead000000000100 dead000000000122 0000000000000000
raw: 000000000000001c ffff0000d08619b0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 1 PID: 92 Comm: jfsCommit Not tainted 6.1.35-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call trace:
 dump_backtrace+0x100/0x150 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x90/0xc8 lib/dump_stack.c:106
 dump_stack+0x18/0x54 lib/dump_stack.c:113
 bad_page+0x1a4/0x1c4 mm/page_alloc.c:719
 free_page_is_bad_report mm/page_alloc.c:1297 [inline]
 free_page_is_bad mm/page_alloc.c:1307 [inline]
 free_pages_prepare mm/page_alloc.c:1453 [inline]
 free_pcp_prepare mm/page_alloc.c:1510 [inline]
 free_unref_page_prepare+0x348/0x1070 mm/page_alloc.c:3388
 free_unref_page+0x80/0x444 mm/page_alloc.c:3484
 __folio_put_small mm/swap.c:105 [inline]
 __folio_put+0xa4/0xe4 mm/swap.c:128
 folio_put include/linux/mm.h:1165 [inline]
 put_page include/linux/mm.h:1217 [inline]
 _metapage_homeok+0xdc/0x19c fs/jfs/jfs_metapage.h:119
 txUnlock+0x260/0xa7c fs/jfs/jfs_txnmgr.c:927
 txLazyCommit fs/jfs/jfs_txnmgr.c:2677 [inline]
 jfs_lazycommit+0x430/0x860 fs/jfs/jfs_txnmgr.c:2727
 kthread+0x210/0x28c kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
page:0000000069cd6016 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x109b69
flags: 0x5ffc00000002047(locked|referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000002047 dead000000000100 dead000000000122 0000000000000000
raw: 000000000000001c ffff0000d08619b0 00000000ffffffff 0000000000000000
page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u))
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:1129!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 92 Comm: jfsCommit Tainted: G B 6.1.35-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : folio_get include/linux/mm.h:1129 [inline]
pc : get_page include/linux/mm.h:1135 [inline]
pc : put_metapage+0x1f0/0x238 fs/jfs/jfs_metapage.c:721
lr : folio_get include/linux/mm.h:1129 [inline]
lr : get_page include/linux/mm.h:1135 [inline]
lr : put_metapage+0x1f0/0x238 fs/jfs/jfs_metapage.c:721
sp : ffff800018ea7bb0
x29: ffff800018ea7bb0 x28: 0000000000000002 x27: 0000000000000048
x26: 1fffe0001a10c33b x25: 1fffe0001a10c348 x24: dfff800000000000
x23: fffffc000326da74 x22: fffffc000326da40 x21: ffff0000d08619d8
x20: ffff0000d0861a40 x19: ffff0000d08619b0 x18: ffffffffffffffff
x17: 635f6665725f6f69 x16: ffff800010e55424 x15: 2064656e6769736e
x14: 752828284f494c4f x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000000001 x10: 0000000000000000 x9 : 849a4899e3308800
x8 : 849a4899e3308800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800018ea7418 x4 : ffff80001432a5a0 x3 : ffff8000084d2368
x2 : 0000000000000001 x1 : 0000000000000004 x0 : 000000000000005c
Call trace:
 folio_get include/linux/mm.h:1129 [inline]
 get_page include/linux/mm.h:1135 [inline]
 put_metapage+0x1f0/0x238 fs/jfs/jfs_metapage.c:721
 txUnlock+0x340/0xa7c fs/jfs/jfs_txnmgr.c:942
 txLazyCommit fs/jfs/jfs_txnmgr.c:2677 [inline]
 jfs_lazycommit+0x430/0x860 fs/jfs/jfs_txnmgr.c:2727
 kthread+0x210/0x28c kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Code: f003e6a1 91178021 aa1603e0 97c36fe8 (d4210000)
---[ end trace 0000000000000000 ]---